@collaborne/custom-cloudformation-resources
Version:
Custom CloudFormation resources
134 lines • 4.76 kB
JavaScript
;
Object.defineProperty(exports, "__esModule", { value: true });
exports.CloudFrontWafV2RuleGroup = void 0;
const aws_sdk_1 = require("aws-sdk");
const custom_resource_1 = require("../custom-resource");
const SCHEMA = {
type: 'object',
properties: {
Name: {
type: 'string',
},
Description: {
type: 'string',
},
Capacity: {
type: 'number',
},
Rules: {
type: 'string',
},
},
required: ['Name', 'Capacity'],
};
const SCOPE = 'CLOUDFRONT';
class CloudFrontWafV2RuleGroup extends custom_resource_1.CustomResource {
constructor(logicalResourceId, logger) {
super(SCHEMA, logicalResourceId, logger);
this.region = 'us-east-1'; // Region must be `us-east-1` for `CloudFront WAF`
this.wafV2 = new aws_sdk_1.WAFV2({
region: this.region,
});
}
async createResource(physicalResourceId, { Name, Description, Capacity, Rules }) {
var _a, _b, _c, _d;
const rules = JSON.parse(Rules);
const ruleGroupParams = {
Name,
Description,
Scope: SCOPE,
Capacity,
Rules: rules,
VisibilityConfig: {
SampledRequestsEnabled: true,
CloudWatchMetricsEnabled: true,
MetricName: 'CommonAttackRuleGroup',
},
};
try {
const ruleGroup = await this.wafV2
.createRuleGroup(ruleGroupParams)
.promise();
if (!ruleGroup || !((_a = ruleGroup.Summary) === null || _a === void 0 ? void 0 : _a.ARN) || !ruleGroup.Summary.Id) {
throw new Error('Error creating Rule Group');
}
console.debug('Rule Group created successfully:', (_b = ruleGroup.Summary) === null || _b === void 0 ? void 0 : _b.ARN);
return {
physicalResourceId,
attributes: {
Arn: (_c = ruleGroup.Summary) === null || _c === void 0 ? void 0 : _c.ARN,
Id: (_d = ruleGroup.Summary) === null || _d === void 0 ? void 0 : _d.Id,
},
};
}
catch (err) {
console.error('Error creating Rule Group:', err);
throw new Error('Error creating Rule Group');
}
}
async deleteResource(physicalResourceId, { Name }) {
var _a;
const ruleGroup = await this.getRuleGroup(Name);
if (!ruleGroup.RuleGroup || !ruleGroup.LockToken) {
throw new Error(`Rule group is not deletable ${Name}`);
}
await this.wafV2
.deleteRuleGroup({
Name,
Scope: SCOPE,
Id: (_a = ruleGroup.RuleGroup) === null || _a === void 0 ? void 0 : _a.Id,
LockToken: ruleGroup.LockToken,
})
.promise();
return {
physicalResourceId,
};
}
async updateResource(physicalResourceId, { Name, Description, Rules }) {
const ruleGroup = await this.getRuleGroup(Name);
if (!ruleGroup.RuleGroup || !ruleGroup.LockToken) {
throw new Error(`Rule group is not updatable ${Name}`);
}
const rules = JSON.parse(Rules);
const updateRuleGroupParams = {
Id: ruleGroup.RuleGroup.Id,
Name,
Description,
Scope: SCOPE,
Rules: rules,
VisibilityConfig: ruleGroup.RuleGroup.VisibilityConfig,
LockToken: ruleGroup.LockToken,
};
await this.wafV2.updateRuleGroup(updateRuleGroupParams).promise();
return {
physicalResourceId,
attributes: {
Arn: ruleGroup.RuleGroup.ARN,
Id: ruleGroup.RuleGroup.Id,
},
};
}
async getRuleGroup(name) {
const ruleGroups = await this.wafV2
.listRuleGroups({ Scope: SCOPE })
.promise();
if (!ruleGroups.RuleGroups || ruleGroups.RuleGroups.length < 1) {
throw new Error(`There is no rule groups in your account with scope ${SCOPE}`);
}
const ruleGroupSummary = ruleGroups.RuleGroups.find(ruleGroup => ruleGroup.Name === name);
if (!ruleGroupSummary) {
throw new Error(`Unknown rule group name ${name}`);
}
const ruleGroup = await this.wafV2
.getRuleGroup({
Name: name,
Id: ruleGroupSummary.Id,
ARN: ruleGroupSummary.ARN,
Scope: SCOPE,
})
.promise();
return ruleGroup;
}
}
exports.CloudFrontWafV2RuleGroup = CloudFrontWafV2RuleGroup;
//# sourceMappingURL=index.js.map